New versions of the Bing.vc malware, however, are bundling with legitimate-looking products, said researchers at Intel McAfee in a posting. The security vendor said Lavians Inc. may be the culprit behind this.

“We have come across several files from Lavians Inc. that look like legitimate applications but may pose a serious risk,” said Intel’s Santosh Revankar. “We have observed that Lavians Inc. is repackaging clean applications with a browser hijacker to avoid suspicion and to increase its outreach.”

When users install these files, they’ll get the legitimate application, but also Bing.vc, hidden inside a file called IconOverlayEx.dll.

Bing.vc will install into Chrome, Firefox, and Internet Explorer, and it will take over the site’s homepage and insert ads into visited websites. The page to which this browser hijacker will redirect all users is Bing.vc, hence the malware’s name.

This website has nothing to do with Microsoft’s Bing service.

Intel McAfee researchers said a link on this hijacked homepage leads users to a site that tries to sell them an expensive utility to fix their browser hijacking problem.

Users who notice something strange and move to uninstall the original driver utility they installed will find all files will be removed, except for IconOverlayEx.dll, which will remain on the infected system.

During the uninstall routine, Bing.vc will alter the user’s PC registry keys and add two new entries that will load the DLL on every boot-up.

By doing so, even after uninstalling the original infected files, Bing.vc remains on the system.

Users who want to get rid of this infection have to remove the registry keys by hand or use an automated PC clean-up utility that usually comes with antivirus software.

The shortcuts for each browser also need to be cleaned by deleting the URL at the end of the application target parameter.